Privacy Policy

1. Who we are

CNTR ("we", "us") is the developer of the CNTR mobile application. This Privacy Policy describes the personal data we process when you use the CNTR mobile application, the website at getcntr.app, and related services.

2. What we collect

Information you provide

• Workout input. Text you type or dictate into the app describing your sets, reps, weight, exercise, equipment settings, and any notes.
• Support correspondence. Email address and message contents when you contact support.

Information collected automatically (App)

• Anonymous device identifier. A randomly generated ID stored on your device. We use it to associate your workout history with your device — no personal identity is attached.
• Diagnostic and product analytics data. Crash reports, performance metrics, and basic usage events (for example, "set logged"), collected via Google Analytics 4 (Firebase). This includes app version, device model, OS version, language, and approximate (country/region-level) location derived from IP. The IP address itself is not stored by GA4. Workout text is never sent to analytics.

Information collected automatically (Website)

• Website analytics. When you visit getcntr.app, we use Google Analytics 4 to measure pages viewed, referring site, approximate (city-level) location derived from IP, device and browser type, and language. The IP address itself is not stored by GA4. We also use Cloudflare for hosting, which processes request metadata (including IP) for security and reliability.
• Cookies. The website sets first-party cookies used by Google Analytics (typically _ga and _ga_<ID>) to distinguish unique visitors. No advertising cookies are set.

Information we do not collect

• Real name, email, phone, or address (unless you provide it through support).
• Photos, contacts, calendar, or HealthKit data.
• Precise location.
• Data used for advertising or cross-site tracking.

3. How we use it

• Convert your workout text into structured exercise data using AI.
• Store and display your workout history and progress charts.
• Improve the accuracy of the AI parser using anonymized aggregate data.
• Diagnose crashes and improve app stability.
• Respond to support requests.

4. Sharing & processors

We share data only with service providers that process it on our behalf, under contract, to operate the App:

• AI processor. When you log a set or ask a recall question (for example, "what did I do last time?"), the workout text and relevant prior log entries are sent to a third-party large-language-model provider for inference and a structured response. We have a data processing agreement with our AI provider that (a) prohibits use of your inputs and outputs to train its foundation models, (b) requires deletion of inference data within 30 days, and (c) limits use to providing the service to us. The AI provider may process your data in the United States.
• Cloud storage & hosting. To store your workout history and run the backend.
• Crash & product analytics. We use Google Analytics 4 (provided by Google LLC / Google Ireland Ltd.) to receive aggregated diagnostic and usage events from both the App and the website, in order to detect crashes, measure feature usage, and improve stability. No workout text is sent to analytics. GA4 may process data in the United States; transfers from the EEA/UK are made under Google's Standard Contractual Clauses. Google's privacy policy is available at policies.google.com/privacy.
• Hosting & CDN. The website is hosted on Cloudflare, which processes request metadata (including IP) for delivery, caching, and security.

We do not sell personal data, we do not share data with advertising networks, and we do not use your workout data for any form of behavioral advertising.

5. Security

Workout data is encrypted in transit (TLS 1.2 or higher) and at rest. We do not collect or store payment information — in-app purchases are handled entirely by Apple. Employee access to production data is restricted to what's required for support and engineering. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify affected users and applicable regulators as required by law.

6. Retention

Workout history is retained until you delete it. You can wipe everything from Settings → Wipe all data in the app, or request deletion by email.

Chat history — the recall questions you ask the AI and its responses — is automatically deleted 28 days after each conversation. We do not use chat content to train AI models.

7. Your rights

Depending on your jurisdiction (including the EU/EEA, UK, and California), you may have the right to access, correct, delete, or export the data associated with your device identifier. The fastest way to delete everything is the in-app Settings → Wipe all data option, which removes your workout history within 24 hours. For access, correction, or export requests, email privacy@getcntr.app and we will respond within 30 days. Because CNTR does not require an account, requests are handled based on the information you provide; we may not be able to fulfill a request if we cannot reasonably link it to your data.

You can opt out of Google Analytics on the website by installing the Google Analytics Opt-out Browser Add-on, by enabling Do Not Track / Global Privacy Control in your browser, or by blocking cookies. On iOS, you can limit app analytics via Settings → Privacy & Security → Analytics & Improvements and by toggling Allow Apps to Request to Track.

8. California residents

If you are a California resident, the CCPA and CPRA give you the rights described in Section 7 (know, access, correct, delete, port). We do not sell your personal information and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law. We have not done so in the prior 12 months. The categories of personal information we collect are described in Section 2; the purposes for which we use them are described in Section 3.

9. Children

CNTR is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has used the App, please contact us and we will delete any associated data.

10. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted in the App and dated at the top of this page. Continued use after a change constitutes acceptance of the updated policy.

11. Contact

Questions or requests:
Email: privacy@getcntr.app
Support: getcntr.app/support